March 14, 2006 11:05 AM PST
Study says RFID tags are vulnerable to viruses
Researchers demonstrate that it is possible to insert a software virus into radio frequency identification tags.
The New York Times
The story "Study says RFID tags are vulnerable to viruses" published March 14, 2006 at 11:05 AM is no longer available on CNET News.
Content from The New York Times expires after 7 days.
7 comments
Since we haven't seen the paper, how's this for a wild theory...
Imagine creating a buffer overflow exploit on a tag, and embedding the tag in a rat/field mouse. Do this 100 times. (or more).
Release the mice outside of a WalMart distribution center....
Eventually, a field mouse/rat will trip an RFID sensor, introducing the virus.
Not sure what this will get you, but it would be an interesting way to introduce a virus.
And what would you call this virus?
(Bubonic Plague)?
Sorry, I couldn't resist...
-G
These headlines tend to scare people off from thinking of the technology, when in most cases, it's been shown that these scenarios are not really possible "on the street".
Example - the luggage item is infected and then transferred to the airport system and then written to all the tags everywhere, Oh my Gosh!!!!
Nothing specified here as to how the tag even IF infected would overwrite the programming in the reader. Not probable. Won't say impossible as I'm not a RF engineer. Also - let's say the reader would become "infected" - how is it to write to tags when they are "read-only"?
Again - not specified. An article like this SHOULD dig into the details before posting as it spreads inaccurate data. For these supply chain systems & more to grow - they must be based on solid application of frequency principles and be able to accomplish the tasks required. Nothing more, nothing less.
The luggage reader above would more than likely simply not function properly and another reader would have to take over. It was never mentioned how the tag was written to in the first place. Most baggage applications even if active based vs. passive - still are read only, not read write.
Even if read/write - most of these are now being converted to Gen2 with encryption security. Also, the NYTimes piece doesn't mention how the virus authors knew the proprietary info on the tag origination in the first place, but admits "it would require inside information".
This is akin to the "drive down the street with a reader and know all the tagged products in the house" scare-scenario. Will never happen in real life.
Everyone seems to forget that cumulatively, all parties have spent how many millions, maybe billions in projects and have difficult RF obstacles to overcome using readers to tags in feet and inches. So - how is the quick-hit criminal going to run down to his local Walmart, pick up a reader - dash to the airport and cause instant nightmares for the Department of Homeland Security?
Let's get real. This does not mean there are not security challenges to work through with this technology. There are. But, reasoned analysis serves better than "scary" scenarios.
Regards,
Damon McDaniel
You're right. While the hole exists, how vulnerable is it?
In reading the article, the potential for a buffer overflow attack is real. However, in order to take advantage of this potential, you need an inept programmer, and a knowledge of the victim's infrastructure.
How likely is this? You're right. Probably not likely. However, I am willing to defend the article in that they:
1) Got the story's details correct
2) Were truthful as to the severity of the potential risk
3) Are pointing out that a highly lauded technology may have some gaps in it.
News.com definitely got this one right.
(A blind mouse will find the cheese once in a blue moon...) ;-)
I guess the point to be taken is that RFID systems should be subject to the same security best practices as any other type of IT.
Do you validate the data from the reader or assume that it's correct?
The answer is ... no, you do not validate it.
And this is a very important point. Checking for a buffer overflow is not the same as validating the data. You can use a readN() function vs a read() function where the readN() function takes the number of bytes to be read as an input parameter.
(So if your buffer holds 128 bytes, you don't want to read more than 128 bytes.)
Validation of the data takes time and in certain applications, you don't have time.
Consider an I-Pass (Interstate/Tollway pass) during rush hour. Are you going to try and validate each reader in real time?
Using Wal-Mart... Suppose you have a pallet of Gillette razors? (Each consumer package will have an RFID tag.) So how many tags do you read when that pallet passes through your shipping doors which has an embedded reader?
Using the razor blade example, suppose you have 1000 tags on a pallet. Which one represents the pallet and which represents an individual package?
How fast can you read and process those tags?
The reference to the cat is that RFID has been used for years to help id house pets. (Cats and Dogs)
Hence my wild theory about using field mice/rats to take down WalMart...
I think you need to take this with a grain of salt, and consider that RFID could be another vector of infection. Or rather part of another vector.
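Editor's added example, not part of any comment above and not code from the study: the distinction drawn in the thread between a bounded read (the `readN()` idea with a 128-byte buffer) and validating the data, shown as two separate steps. The function names `read_n`, `validate_tag_id` and `accept_tag`, and the 24-hex-character tag ID format, are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define TAG_BUF_LEN 128   /* buffer size from the comment's example */
#define TAG_ID_LEN  24    /* assumed format: 24 hex characters (constructed) */

/* Bounded read in the spirit of readN(): copy at most `cap` bytes of the
 * tag payload into `dst`. Returns the number of bytes copied and reports
 * through `truncated` whether the tag sent more than fits. */
size_t read_n(unsigned char *dst, size_t cap,
              const unsigned char *tag, size_t tag_len, int *truncated)
{
    size_t n = tag_len < cap ? tag_len : cap;
    memcpy(dst, tag, n);
    *truncated = tag_len > cap;
    return n;
}

/* Validation is a separate question: the bytes fit, but are they a tag ID? */
int validate_tag_id(const unsigned char *buf, size_t n)
{
    if (n != TAG_ID_LEN) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit(buf[i])) return 0;
    return 1;
}

/* Returns 1 only if the payload was read without truncation and is valid. */
int accept_tag(const unsigned char *tag, size_t tag_len)
{
    unsigned char buf[TAG_BUF_LEN];
    int truncated;
    size_t n = read_n(buf, sizeof buf, tag, tag_len, &truncated);
    if (truncated) return 0;          /* oversized payload: reject, never overflow */
    return validate_tag_id(buf, n);   /* fits in the buffer, may still be garbage */
}

int main(void)
{
    /* Constructed sample payloads, both 24 bytes long. */
    const unsigned char good[] = "3000A1B2C3D4E5F601020304";
    const unsigned char odd[]  = "3000A1B2 not an id 01020";
    return !(accept_tag(good, sizeof good - 1) == 1 &&
             accept_tag(odd, sizeof odd - 1) == 0);
}
```

The second sample passes the bounded read untouched and is only caught by the format check, which is the gap between "no overflow" and "validated".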